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ABSTRACT 

Motion sensors (e.g., accelerometers) on smartphones have 
been demonstrated to be a powerful side channel for attack¬ 
ers to spy on users’ inputs on touchscreen. In this paper, we 
reveal another motion accelerometer-based attack which is 
particularly serious: when a person takes the metro, a ma¬ 
licious application on her smartphone can easily use accel¬ 
erator readings to trace her. We first propose a basic attack 
that can automatically extract metro-related data from a large 
amount of mixed accelerator readings, and then use an en¬ 
semble interval classier built from supervised learning to in¬ 
fer the riding intervals of the user. While this attack is very 
effective, the supervised learning part requires the attacker to 
collect labeled training data for each station interval, which 
is a significant amount of effort. To improve the efficiency 
of our attack, we further propose a semi-supervised learning 
approach, which only requires the attacker to collect labeled 
data for a very small number of station intervals with obvi¬ 
ous characteristics. We conduct real experiments on a metro 
line in a major city. The results show that the inferring ac¬ 
curacy could reach 89% and 92% if the user takes the metro 
for 4 and 6 stations, respectively. 
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1. INTRODUCTION 

Sensor-rich mobile devices such as smartphones and 
tablets have become ubiquitous. Ever-expanding users 
carry them everywhere. High-quality sensors (e.g., cam¬ 
era, GPS and accelerometer) on these devices continu¬ 
ously sense people-centric data and have helped devel¬ 
opers create a wide range of novel applications. How¬ 
ever, once these sensors are hijacked by malware, they 
may seriously threaten the user privacy. For instance, 
Templeman et al. [1] recently introduce a visual mal- 
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ware that can exploit cameras on smartphones to con¬ 
struct rich, three dimensional models of users’ homes 
or offices. Owusu et al. [2] find that accelerometers 
could be utilized to eavesdrop passwords that users in¬ 
put through touch screens. 

While a good number of sensor-based threats have al¬ 
ready been identified, this paper reveals a new one that 
is particularly serious. In brief, we find that if a person 
with a smartphone takes the metro, a malicious applica¬ 
tion on her smartphone can use the accelerometer read¬ 
ings to trace her, i.e., infer where she gets on and off 
the train. The cause is that metro trains run on tracks, 
making their motion patterns distinguishable from cars 
or buses running on ordinary roads. Moreover, due to 
the fact that there are no two pairs of neighboring sta¬ 
tions whose connecting tracks are exactly the same in 
the real world, the motion patterns of the train within 
different intervals are distinguishable as well. Thus, it is 
possible that the running of a train between two neigh¬ 
boring stations produces a distinctive fingerprint in the 
readings of 3-axis accelerometer of the mobile device, 
leveraging which attackers can infer the riding trace of 
a passenger. 

We believe this finding is especially threatening 
for three reasons. First, current mobile platforms such 
as Andorid allow applications to access accelerometer 
without requiring any special privileges or explicit user 
consent, which means it is extremely easy for attack¬ 
ers to create stealthy malware to eavesdrop on the ac¬ 
celerometer. Second, metro is the preferred transporta¬ 
tion mean for most people in major cities. For exam¬ 
ple, according to the Wikipedia, the daily of ridership 
of New York City Subway is between 2.5 million and 
5.5 million, while that of Tokyo Metro is about 6.4 mil¬ 
lion. This means a malware based on this finding can 
affect a huge population. Last and the most impor¬ 
tantly, metro-riding traces can be used to further infer 
a lot of other private information. For example, if an 
attacker can trace a smartphone user for a few days, he 
may be able to infer the user’s daily schedule and liv¬ 
ing/working areas and thus seriously threaten her phys- 
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ical safety. Another interesting example is that if the 
attacker finds Alice and Bob often visit the same sta¬ 
tions at similar non-working times, he may infer that 
Bob is dating Alice. 

We emphasize that our attack is more effective and 
powerful than using GPS or cellular network to trace 
metro passengers. The first reason is that metro trains 
often run underground, where GPS is disabled. The 
second reason is that on most mobile platforms, appli¬ 
cations have to request for user permissions before being 
able to access built-in localization components including 
both the GPS unit and the cellular localizer. In addi¬ 
tion, while using these components, a particular icon 
usually appears on the screen, which will draw the at¬ 
tention of users soon. Therefore, we think that it is not 
a good choice to use built-in localization components to 
track metro passengers stealthily. 

Methodology and Challenges: There exist some 
nice dead reckoning mechanisms that exploit the smart¬ 
phone accelerometer to estimate the moving directions 
and placements of a car [3] or a walking man mn]. So, 
the attacker may also leverage these mechanisms to re¬ 
construct the train trajectory and then map it to the 
metro lines on the map to trace the passenger. Never¬ 
theless, compared with walking and other transporta¬ 
tion means, the running of metro trains is much gen¬ 
tler even at turning points, which means that their ac¬ 
celerometer readings are much smaller and more sensi¬ 
tive to even tiny noises. Consequently, the above meth¬ 
ods designed for cars or humans, which require to pre¬ 
cisely extract fine-grained micro information (e.g., turn 
angles, displacement) hidden in every few seconds of ac- 
clerometer readings, are not suitable for metro trains. 
According to our experiment, the predicted trajectory 
is far from the real one. 

However, although fine-grain micro information is hard 
to learn, tens of seconds of accelerometer readings be¬ 
tween between each pair of neighboring stations (called 
station interval) must expose some coarse-grained but 
easy to extract macro features (e.g., sharp peaks and 
valleys, amplitude variances at different directions) due 
to the track difference. Our methodology aims to ex¬ 
tract such macro features from the accelerometer read¬ 
ings of every station interval and use machine learning 
techniques to learn interval classifiers, which are then 
used to detect stations that a specific passenger has 
passed. However, this task confronts the following chal¬ 
lenges: 

First, the metro readings are hidden in the data corre¬ 
sponding to other scenarios such as motionless, walking 
and taking other transportation means. We need an ap¬ 
propriate method to extract metro readings accurately. 
Second, the metro features can be easily interfered by 
noises due to intentional or unintentional movements of 
users. As a result, many station intervals may be falsely 


recognized. We need a robust trace inferring method 
that can tolerate recognition errors of individual station 
intervals. Third, it is too expensive for the attackers to 
collect sufficient labeled training data for every station 
interval in a large-scale metro system. Namely, we can¬ 
not use supervised learning to learn interval classifiers. 

Our Contributions: we make the following specific 
contributions in this paper: 

(1) We are the first to propose an accelerometer-based 
side channel attack for inferring metro-riders’ traces. 
Our basic attack consists of two phases. In the train¬ 
ing phase, the attacker collects labeled accelerometer 
readings for each station interval and extracts carefully- 
selected features to learn a set of interval classifiers. In 
the attack phase, malware installed on users’ smart¬ 
phones will automatically read and upload accelerome¬ 
ter readings. The attack first leverages the sharp am¬ 
plitude difference between the data of metro and other 
transportation means to precisely extract metro-related 
data from miscellaneous accelerometer readings of a vic¬ 
tim. It then segments this data by identifying brief 
stops and applies the interval classifiers to map data 
segments to station intervals. In this process, we use 
ensemble techniques to improve the classification ac¬ 
curacy of individual segments. Moreover, we leverage 
the fact that the translated intervals should be contin¬ 
uous to devise a voting-based trace inferring algorithm, 
which is able to further tolerate recognition errors of 
individual segments due to various noises. 

(2) Since collecting labeled training data for each sta¬ 
tion interval in advance is impractical, we propose an 
improved attack that only requires the attacker to col¬ 
lect labeled data from a very small set of station inter¬ 
vals with obvious characteristics (e.g., the distance is 
much longer than the average, or with obvious turns). 

In particular, we devise a semi-supervised learning ap¬ 
proach that is able to learn interval classifiers by com¬ 
bining this limited labeled data with a large amount 
of unlabeled data obtained from victims’ phones in the 
attack phase. 

(3) We conduct real experiments on Nanjing metro 
line 2 to evaluate the effectiveness of the proposed at¬ 
tack. We develop an Android application that can read 
the accelerometer data. Eight volunteers carry smart¬ 
phones with this application installed when taking the 
Metro. Their traces cover 400 station intervals in total. 
The results show that the averaging inferring accuracy 
can reach about 70% and 90% when a volunteer rides 
the train for 4 stations and for 6 stations, respectively. 

(4) In order to protect the location privacy of metro 
riders, we discuss several possible countermeasures against 
the attack we propose. 

2. BASIC ATTACK USING SUPERVISED 
LEARNING 
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This section presents a basic version of the proposed 
side-channel attack for tracing metro riders. This ver¬ 
sion requires the attacker to collect enough amount of 
labeled accelerometer data for each station interval (In 
this paper, a station interval refers to the track seg¬ 
ment between two adjust stations) during the training 
phase, which is obviously impractical for a large-scale 
metro system. We will describe how to avoid such 
supervised learning in the next section. 

2.1 Attack Overview 

The proposed attack assumes that an attacker has 
infected a large number of users’ smartphones with a 
carefully-designed malicious application. This applica¬ 
tion intermittently reads accelerometers and the orien¬ 
tation sensors, which are available on almost all the ma¬ 
jor mobile devices, and uploads the readings to remote 
servers through any available wireless networks. Such 
malware is not hard to create as both the accelerome¬ 
ters and the orientation sensors can be accessed without 
the authorization of users. Internet access needs the 
permission of users. Nevertheless, since almost every 
application applies for this permission, most users just 
grant without any hesitation. Besides the developing, 
the malware distribution is also easy to achieve based 
on existing social engineering mechanisms. Therefore, 
we will not focus on these two tasks in this paper. 

The major goal of the proposed attack is to infer 
users’ metro-ride traces, i.e., at which stations they get 
on and off, based on the metro-related data hidden in 
the collected sensor readings. The basic idea behind 
this attack is that the track differences among different 
station intervals lead to different macro motion charac¬ 
teristics, which may be captured by the motion sensors 
(e.g., the accelerometers) of passengers’ smartphones. 
As a result, it is possible for the attacker to extract 
these characteristics by analyzing the sensor readings 
and then utilize classic machine learning algorithms to 
identify the passengers’ ride intervals. 

As we show in Fig.[Tl the proposed attack is composed 
of two phases. In the training phases, the attacker col¬ 
lects motion sensor readings for each station interval 
and then uses a supervised learning scheme to build an 
interval classifier. In the recognition phase, the attacker 
analyzes the sensor readings collected by the malware 
from infected smartphones and then utilizes the interval 
classifier to identify the station intervals that users pass 
by. Specifically, this phase contains the follow three key 
steps: 

(1) Metro-related data extraction: Among the 
large amount of data collected by the malware, only 
a small proportion of it is corresponding to the metro 
riding. Most of it is generated when the users stay still, 
walk or take other means of transportation. On account 


of this, we need first solve the challenge to filter out 
metro-related data from the mixed sensor readings. 

(2) Data segmentation and recognition: As sta¬ 
tion intervals are the basic recognition primitives for the 
classifier constructed in the training phase, we need fur¬ 
ther segment the metro-related data for each user. Each 
data segment is corresponding to one station interval. 
We achieve this goal by searching for the stop slots of 
trains, in which accelerometer readings are smaller than 
other areas. Then, the attacker applies the interval clas¬ 
sifier to map these data segments to station intervals. 

(3) Metro-ride trace inferring: Although the pre¬ 
vious step maps the segments data to the specific sta¬ 
tion intervals, the recognition results might be contra¬ 
dictory with each other because of errors. For exam¬ 
ple, two neighboring segments of data are mapped to 
non-neighboring intervals. Targeting this problem, we 
present a voting based algorithm to infer the complete 
metro-ride trace of a user by taking all his segment 
recognition results into consideration. 


You take metro 


Attacker collects data 





.Get your sensor data 
Sensor data 


Figure 1: attack model 


2.2 Coordinate Transformation 

The proposed attack uses the readings of 3-axis ac¬ 
celerometers on smartphones to infer metro passengers’ 
traces. As we show on Fig. [5J each reading is a three- 
dimensional vector [x, y, z] in a screen-based dynamic 
coordinate system {X,Y,Z), which rotates as the phone 
rotates. So this system varies from phone to phone. 
Thereby, it is hard to derive any meaningful motion 
patterns of metro trains from raw readings. To solve 
this problem, we introduce another static East-Noth- 
Up (ENU) coordinate system which is also shown in 
Fig. [2] This system does not rotate as the phone ro¬ 
tates. We thereby transform every reading [x,y^z] in 
the original phone system to [x',y',z'] in ENU system 
before performing any analysis. 

It is impossible to directly perform this transforma- 
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tion due to the lack of the relation between these sys¬ 
tems. We should use the orientation sensor, which is a 
virtual sensor based on the magnetometer, to achieve 
this goal. The reading of the orientation sensor is also 
three-dimensional data [a, /3, 7 ], where a is the angle be¬ 
tween the T-axis with respect to the horizontal plane, 
and /3 is the angle of the X-axis and the horizontal. 7 
is the angle between the horizontal projection of the Y- 
axis of the phone system and true north. With these 
three angles, it is easy to derive the east, the north and 
the up components of the acceleration (i.e. the vector 
\x',y'^z'\ in ENU coordinate system). We show the re¬ 
sults in Table [TJ The angles 71 , oi, /3i, 9 are marked in 

Fig. El 



Figure 2: Coordinate decomposition of the sensor 


Table 1: Results of coordinate transformation 


EGA 

the east component 
of the acceleration 

j/cosacos(7 — tt) -f 

zcos/?cos(7 -t 7i — tt) + 

2 cos 9 cos(7 -1- / 3 i — tt) 

NCA 

the north compo¬ 
nent of the acceler¬ 
ation 

— ?/COSQ;COs(7 — 77/2) — 

fCCOS^COs(7 + 71 — 7t/ 2) — 
zcos6cos{'y + /Si — t7I2) 

VGA 

the vertical compo¬ 
nent of the acceler¬ 
ation 

xi sin (3 -\-yi sin a + zi sin 9 


2.3 Extraction of metro related data 

After the coordinate transformation, the next task 
for the attacker is to extract metro-related data from 
a large amount of sensor readings collected from vic¬ 
tim smartphones. Among these readings, only a small 
fraction are produced when users take the metro. Hem- 
minki et al. [B] propose an elegant accelerometer-based 
transportation mode detection mechanism on smart¬ 
phone. We may directly apply this proposal to fulfil 
our task. However, their goal is to achieve fine-grained 
detection of the transportation means for each piece of 
accelerometer data, which is much more complex than 


ours, i.e., to precisely determine whether a give piece of 
accelerometer data corresponds to metro or not. Thus, 
we devise a simpler solution for this challenge. 

To extract metro-related data, we have to first learn 
the distinction between it and the data related to other 
transportation means. Fig. [3] presents the sequential 
values of the horizontal resultant acceleration (HRA) 
when a user changes from metro to walk. Left is the 
data generated on the metro, while right is the data 
corresponding to walk. We can find that the amplitude 
of the walk-related data is significantly larger than that 
of the metro-related. Fig. 0] further compares the HRA 
curves when the user is on the metro, taxi and bus. We 
can still observe a sharp difference that the amplitude of 
metro data is much smaller than that of the non-metro 
data. 

Based on the above observations, we build a naive 
bayes classifier based on the HRA charactersitics to 
identify metro-related data from mixed sensor readings. 
Given a sequence of HRA values of a victim, the at¬ 
tacker classifies each m-sample sliding window. We use 
five statistical measures of the HRA values: mean, vari¬ 
ance and the numbers of samples that surpass three 
pre-defined thresholds, respectively, as the classifica¬ 
tion features. The classification result is binary: either 
metro or non-metro. We move the window m samples 
in each sliding. The window size is set to be the half 
of the length of the shortest station interval in the tar¬ 
get metro network. The last feature is picked because 
we think it can well capture the amplitude difference 
between metro and other transportation forms in our 
observation. 

According to our experiments in Sec. 14.11 this simple 
classifier may produce errors, especially the false posi¬ 
tives. However, we observe that it is rare to find two 
consecutive widows that are both misclassified. This is 
because the length of the classification window is usu¬ 
ally longer than one minute, which is not very short. 
It is unlikely for other transportation means to move 
the same as a metro train more than two minutes. We 
thereby propose the following optimization to further 
reduce the errors. 

If Wini is classified as non-metro while Wiui+i is 
classified as metro, we first continue to classify Wini+ 2 - 
If it is attributed to non-metro, we think that Wzni+i is 
misclassified. Otherwise, a new sequence of metro data 
is considered to begin at some position within Wiui. In 
this case, we further classify the windows beginning at 
Sample (i -\- l)w — I,(f -I- l)r(; — 2,- ■ • one by one until 
meeting the first window that is classified to be non¬ 
metro. Then, if the start position of this window is at 
Sample [i -\- l)w — fc (I < fc < w), the start position of 
the new sequence of metro data is considered to be at 
Sample (i-\-\)w — k-\-w/2. We can use a similar method 
to handle the suitation if Wint is metro while Wiui+i 
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is non-metro. Due to the space limitation, we omit the 
detailed description here. 
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Figure 3: The horizontal accelerations of walking and 
taking the metro 


2.4 Segmentation of metro related data 

After obtaining the metro-related data, the next step 
is to segment it and let each segment correspond to a 
station interval. We segment the data because station 
intervals are the recognition primitives for the interval 
classifier built in the training phase. 



1000 1500 2000 2500 3000 

Samples(IOHz) 


Figure 5: Illustration of stop slots 

As we know, metro train has to make a brief stop be¬ 
tween any two station intervals for disembarking and 
loading passengers. We thereby try to segment the 
metro-related data of a victim by identifying the stop 
slots hidden in the data. Fig. [5]shows the HRAs derived 
from a piece of metro-related data. We can observe that 
there exist a series of periodic slots where the values are 
much smaller than those of other positions. According 
to our analysis, these slots rightly correspond to the 
stop periods of the train. The values in these slots are 
smaller because the train is still and has no accelera¬ 
tion in any direction. We design an algorithm shown in 
[1] to automatically determine the segmenting points by 
searching for this kind of stop slots. 

Let {Xi, X 2 , ■ ■ ■ ,Xn} be a sequence of HRA values 
derived from a victim’s metro-related data. The pro¬ 
posed algorithm defines a sliding window W, the length 
L\y of which is equal to the minimum time of a brief 
metro stop. It moves forward W from Xi one value 
by one value until reaching a sample Xi that the num¬ 
ber of values below a threshold Ti within Wxi exceeds 


95%L\\r, i.e., 

|{/cG{j,t-|-I,j + L\y — 1} : Xk < Ti}I > 95%Lvv- 

Then, we regard Xg (s G i, i -I- 1, • • ■ , i -|- win/2 — I) 
that minimizes MeaniWxs) as a potential segmenting 
point. Here, Mean{Wx^) is defined to be the mean 
value of the points within Wx^ ■ Once we find Xg , the 
algorithm directly skips the next T 2 values and searches 
for the next stop slots from A^+Ta- Here, T 2 equals 
the length of the shortest station interval in the target 
metro system. 


Algorithm 1 : FindFinalSegmentPoints 
Inputs : A sequence of HRA values of a victim’s 
metro-related data, X; 

A threshold for identifying stop slots, Ti; 
The maximum length of a station interval, 

Lmax ; 

The minimum length of a station interval, 

^min 

Output: Final segmenting points; 


1 begin 

2 orderedSet = 

3 FindSegPoints ((A, 0, Length{X), Ti)) ; 

4 isStop = false; 

5 while HsStop do 

6 isStop = false; 

7 OrderSet tmpSet = 0; 

8 Ti = Ti -I- A; 

9 for i ^ 0 to SizeOf (set) do 

10 if set[i + 1] — set[i\ > L^ax then 

11 isStop = false; 

12 tmpSet y = 

13 FindSegPoints ((A, set[tj-l- 

14 Ljnini Set [t -p 1] Ljnin^ )) , 

15 set = sety tmpS'et; 

16 return set 


The above process could help us identify a set of po¬ 
tential segmenting points. However, sometimes due to 
selecting an unsuitable Ti, it may miss one or several 
segmenting points, especially when the sensor data con¬ 
tains many noises (Note that, false segmenting points 
can be avoided by making Ti small enough ). To address 
this problem, we further check the segmenting points 
that we just find. If the distance between neighboring 
points goes beyond the maximum length of a station 
interval, we know that some segmenting points between 
them must have been missed. So, the algorithm slightly 
increases Ti and re-searches the stop slots within that 
interval. To improve the accuracy, we repeat this step 
until the distance between any two adjacent segmenting 
points does not exceed the maximum interval distance. 
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(a) Bus 


(b) Taxi 
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(d) Static 


Figure 4: The horizontal acceleration of traveling by bus, taxi, metro and static, respectively 


According to our experiments, this approach may still 
produce some errors even after applying the above mea¬ 
sure. So in Section. 12.61 we will give a further solution 
to tolerate erros in the trace inferring. 


Procedure FindSegPoints 
Inputs : A, Ti, Lmaxt ^max] 

The start and end index of X: sidx and 


eldx] 

Output: A set of potential segmenting points; 

1 begin 


i = 0; 

OrderedSet retSet = 0; while i < eldx — L^in 

do 


4 

5 

6 
7 


count = \{k € Wxi ■ Xk < Till; if 
count > 80%Lvv then 

Find s G {*, t -I- 1, • • • ,i + winj^ — 1} 
that minimizes Mean(Wxs)] 
retSet = IJ = {As}; 
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else 

[_* + +; 
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return retSet 


2.5 Recognition of the stations 

By now we have discussed how to segment the metro- 
related data. In this section we will further discuss 
how to distinguish among data segments. Our basic 


attack requires the attacker to collect sufficient amount 
of training data for each station interval (We will intro¬ 
duce how to bypass this limitation in Sec. [3]). It then 
utilizes the labeled data to lean a classifier model, which 
helps translate the data segments returned in the last 
step to the station intervals. We now first detail the 
feature selection and then introduce the classification 
approach. 

2.5.1 Feature Selection 

The features used for classification can be divided into 
two sets. 

(1) Statistical Features As we show in Table [21 
this set includes statistical features of the accelerometer 
data of the target segment in both time and frequency 
domains. Note that we extract these features for all 
3 individual components in Table |l] which indicates 
that the total number of features in this set reaches 
24. These features are able to effectively capture over¬ 
all patterns of the train movement during this interval. 
For instance, the STD of the NCA component is use¬ 
ful to characterize the vertical vibration pattern of the 
train. Note that before extracting these features, we 
first perform the signal smooth that we will describe 
soon to filter out random noises due to the movements 
of the user hands. 

(2) Peak Features Although statistical features can 
capture overall patterns of the train movements, they 
may miss some local significant events such as big turns 
at particular positions, which are usually caused by sig¬ 
nificant changes of the metro track and are ideal features 
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Table 2: Statistical features that we used for classifica¬ 
tion 


Mean 

Means of acceleration 

Max 

Maximum of acceleration 

STD 

Standard deviation of acceleration 

MAY 

Mean of the absolute value of acceleration 

NVHTl, 2, 3 

Number of values higher than thresholdl, 2, 3 

Length 

Length of the segment 

FFT DC 1-6 Hz 

Six first FFT components 

SE 

Spectral Entropy 

SP 

Spectrum peak position 


for the interval classification. These events usually re¬ 
sult in the sharp peaks and valleys in the accelerometer 
data. So, to capture such critical features, we include 
the top three peaks and valleys of accelerations on each 
axis in NEU system in the feature vector. Nevertheless, 
these features are not easy to extract. 

First of all, the accelerometers data may include many 
noises due to the hand movements of the user. Fig. |6(a)] 
shows the accelerations on the east axis when a user 
shakes his hand holding the smartphone in the station¬ 
ary case. We can find that this shaking may produce 
larger peak or valley amplitudes than the movement of 
metro trains. We employ a simple smooth technique to 
reduce the interference of such noises. Specifically, for 
an acceleration sample W on a specific axis, this tech¬ 
nique replaces its value with the average of the samples 
within a fc-sample window around it, i.e., 

2//c 7 2/fc-t-l: ' ' ' ; ^2-t-2/fc —l)* 

We present the accelerations after being smoothed in 
Fig. |6(b)[ We can find that the amplitudes of the new 
curve become much more smaller, and their peaks and 
valleys can hardly interfere the extraction of desired fea¬ 
tures now. This technique works since the accelerations 
due to the hand movement will change from one direc¬ 
tion to the opposite in a short-term, and thus the sum 
can cancel each other. The accelerations due to the 
train movement, however, may last for a longer time in 
one direction, and will not cancel each other. 

Second, according to our experiments, we find that 
one significant change of the metro track may cause 
multiple random peaks or valleys that are extremely 
close. As they can only reflect a single feature of the sta¬ 
tion interval, it is better to avoid including all of them 
into the feature vector for the classification. Thus, as 
shown in Figl3 we divide a specific acceleration curve 
into windows of the same size, find and rank the maxi¬ 
mum (minimum) value in each window, and regard the 
three top ranking maximums (minimums) as the desired 
peaks (valleys). Nevertheless, if the window size is set 
improperly, this approach may still make mistakes. For 
instance, the windows in FigI7]not only miss a desired 
peak, but also find a false peak. To further improve 


ij 200 400 600 800 1000 

Samples(IOHz) 

(a) Original noisy data 
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Id 200 400 600 800 1000 

Samples(IOHz) 

(b) Smoothed data 
Figure 6: The effect of smooth 

the accuracy, we repeat the above process serval times 
with different window sizes, and chooses the three peaks 
(valleys) that win the most times as the final outputs. 



Figure 7: Illustration on peak selecting 


2.5.2 Classification 

After we determine the features, we use them ex¬ 
tracted from the labeled data to train a classifier for 
recognizing unknown data segments. Instead of using 
only one classification model, we train multiple basic 
multi-class classifiers and use the ensemble technique 
ciEiini to combine the classification results with the 
aim of creating an improved composite classifier. The 
final class prediction is based on the votes of the ba¬ 
sic classifiers. We mainly use two types of classifiers: 
boosted Naive Bayesian and decision trees. 

To improve the accuracy of Naive Bayesian, we im¬ 
plement its boosted version based on the AdaBoost [9] 
algorithm. In AdaBoost, weights are assigned to each 
training tuple. A series of k classifiers are iteratively 
learned. In each round of leaning, the samples from the 
original training set is re-sampled to form a new training 
set. The samples with higher weights are selected with 
a higher chance. After a new classifier Mi is learned, the 
samples that are misclassified by Mi are assigned higher 
weights, which makes the following classifier pay 
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more attention to the misclassified tuples. The final pre¬ 
diction result is returned based on the weighted votes 
of the classifiers learned in each round. For the decision 
tree technique, we also use its ensemble version, ran¬ 
dom forests [8], to improve the accuracy. In particular, 
this technique generates a collection of diverse decision 
trees by randomly selecting a subset of the features and 
training tuples for learning. During classification, each 
tree votes and the final result equally considers all these 
votes. 

Although we have applied the ensemble technique to 
improve the classification, it is impossible to completely 
remove errors due to various kinds of noises existing in 
the training data. However, the trace of a passenger 
usually contains more than one segment, which should 
be translated to continuous station intervals. If some of 
them are misclassified, the translated results are very 
likely to become discontinuous, i.e., cannot form a prac¬ 
tical passenger trace. This enables us to filter out some 
classification errors. On the other hand, this property 
also indicates that we have the chance to obtain a cor¬ 
rect trace so long as one of the elemental segments is cor¬ 
rectly recognized. In the next subsection, we leverage 
this observation to propose a voting-based trace infer¬ 
ring mechanism which can better tolerate classification 
errors of individual segments. 

2.6 Error-Tolerant Trace Inferring 

Assume the metro-related data of a passenger consists 
of n segments {^i, S' 2 , • • • , Sn}, and the metro network 
contains m station intervals {/i, I2 • • • , In}- Instead of 
returning the single winner, we make the classification 
mechanism proposed above return a probability matrix 
P “ [Pi,j]nxm where Pij denotes the probability that 
data segment Si is mapped to station interval Ij. 

As the inferring result must be a continuous sequence 
of station intervals of length n, the inferring domain p is 
actually limited. For instance, if we assume that the m 
station intervals belong to one metro line, there are only 
2 X (m — n + 1) possible results: p = {h ^ In, h ^ 
In+i,--- ,Im-n+i ^ Im}- We Can exhaustively con¬ 
sider each of these possibilities, and use a voting-based 
approach to determine the final output. In this ap¬ 
proach, the votes that one possibility Pbti: li ^ ^ 

li+n-i obtains equal the sum of the probabilities for 
each data segment to be mapped to the corresponding 

n 

station interval in Pbti, i.e., Vote{Pbti) = ^ Pj^i^j-i. 

1=1 

We simply pick the possibility obtaining the highest 
votes as the final inferring result. This method can well 
tolerate elassifying errors of individual segments for two 
reasons: 

(I) For each data segment, we take into account not 
only its optimal mapping but also other possibilities. 
Note that the optimal mapping may be incorrect due 


to classifying errors. 

(2) Our final inferring result comprehensively consid¬ 
ers the classification results of all the member segments 
in a trace. The errors of one or a small number individ¬ 
ual segments may not affect the overall predication. 

When the metro system is large, we should reduce the 
size of p to improve the efficiency of the above process. 
For this purpose, we pick three station intervals with the 
highest mapping probabilities for every data segment 
Si- Then, we only include the possibility Ik-i+i 

Ifc • Ik+n-i into p for every such interval Ik- 
By doing so, the size of p will be greatly reduced. 

The accuracy of such kind of inferring heavily relies 
on the correctness of data segmenting. If the later is 
incorrect, the inferred outcome must be either wrong. 
Although we have taken some measures to increase the 
segmenting precision in Sec. 12.41 some errors may still 
exist as we show in Fig. 14.21 To tolerate such errors, 
if the user data is segmented into n segments by the 
algorithm, we also consider the conditions of being seg¬ 
mented into n — 1 and n + 1 segments. Specifically, for 
every possibility Ik^ —>■•••—?' in the optimized p, 
we consider Ik^ ^ • • • — Ik^-i nnd ^ 

as well. Note that the time length of a station inter¬ 
val can be estimated based on the map. So, when we 
compute the probability oi Iki ^ Ik„-i, we can 

segment the user data into n — I segments based on the 
estimated length of each interval. 

3. IMPROVED ATTACK USING 
SEMI-SUPERVISED UEARNING 

The basic attack proposed in the last section requires 
the attacker to collect labeled data for each station in¬ 
terval for building an interval classifier. However, in the 
real world, there are many cities, such as New York and 
Tokyo, which consist of tens of metro lines and hundreds 
of station intervals. It is extremely time consuming for 
the attacker to traverse every station by metro many 
times. In this section, we aim to address this problem 
by proposing an improved attack using semi-supervised 
learning to significantly reduce the workload of the at¬ 
tacker. 

In the improved attack, the attacker is only required 
to personally collect sensor data for one or a very small 
number of station intervals with obvious features, e.g. 
containing big turns, which can guarantee a high recog¬ 
nition rate. It tries to use these intervals as the seeds 
to infer unlabeled data belonging to other intervals. 

Without loss of generality, we assume that the at¬ 
tacker only collects labeled data for a single station in¬ 
terval, which is denoted by I seed- The overview of the 
proposed semi-supervised learning algorithm is present 
in Algorithem[2] It first builds a particular binary clas¬ 
sifier Cseed for Iseed based On the corresponding labeled 
data. This classifier uses the same set of features in 



Si—► Training Data 
§2—►Training Data I^^ed-i 
S4 ►Training Data I,eed+i 

Figure 8 : One round of semi-supervised learning 


Sec. 12.51 and returns a binary result that whether an 
input segment corresponds to I seed or not. Similar as 
the classification method in Sec. 12.51 the classifier here 
may be an ensemble combines a series of basic classifiers. 
Next, it uses this classifier to check the segmented un¬ 
labeled data collected from victims. If a segment of a 
victim’s data sequence is classified as /seed "we can eas¬ 
ily infer the belongings of other segments in the same 
sequence. For instance, if S 3 in the sample sequence 
< S'iS' 2 S' 3 S '4 > is classified as Iseed, we know that 
S 2 and 54 are mapped to Iseed- 2 , heed-i and heed+i, 
respectively. It then labels these data segments and 
adds them to the training sets of the corresponding sta¬ 
tion intervals. After finishing checking a large number 
of victims’ data, we may have obtained enough num¬ 
ber of labeled training data for some non-seed station 
intervals. So, we can build particular binary classifiers 
for these intervals as well. In the next round, we treat 
these intervals as new seeds, and use them to classify 
the victims’ data segments again. In this round, some 
intervals that do not get enough training data in the 
last round may get enough data now, and therefore can 
be regarded as new seeds. 

We repeat the above process until all the station in¬ 
tervals get enough training data. By now, we can turn 
back to the basic attack. The difference is that all the 
training data except that of the seed interval are pro¬ 
duced by inferring instead of being personally collected 
by the attacker. This may reduce the accuracy of the 
final trace inferring, but not significantly according to 
our experiments. 

Note that due to classifying errors, different seed clas¬ 
sifiers may produce contradictory results. For instance, 
consider a victim’s data sequence < S 1 S 2 S 3 SA >. Sup¬ 
pose that in a specific round the attacker has obtained 
two seed classifiers Ci and Cj. If Ci recognizes Si as A, 
Cj recognizes S 2 as Ij, but A and Ij are not continuous, 
we get an conflict. This problem can be solved based 


Algorithm 2: Proposed Semi-supervised learning 
for labeling user data 

Inputs : Lists of unlabeled data segments, SLists; 

The seed classifier,Cseecz; 

Output: Lists of labeled segments. Result 

1 begin 


2 

CSet = 

{C'seed}; 

3 

while True do 

4 


LLists = 0; 

5 


foreach SL G SLists do 

6 



IL = Identify(5'L, CSet)] 

7 



for i = 0; i < IL.length; i++ do 

8 



|_ LLists[IL[i]] G- SL[i\- 

9 


count = 0; 

10 


foreach LL G LLists do 

11 



if LL.length > Threhold then 

12 




count + -I-; 

13 




C = TrainingC/L); 

14 




CSet[C.ID] = C- 

15 


if count == Total Number of Intervals 



then 

16 


1 ^ break; 

17 

return LLists: 







on a similar voting-based method as that in Sec. 12.61 
Specifically, the classification result of each seed classi¬ 
fier is regarded as a vote. We finally return the result 
receives the highest votes. Here, each vote is weighted 
according to the classification confidence. 

4. EXPERIMENT 

In this section, we introduce our experiments on real 
metro for evaluating the feasibility of the proposed at¬ 
tack. 

Our experiments are performed on Nanjing metro line 
2. Fig. [3 shows the range of the metro line. Eight 
volunteers repeatedly travel between two stations by 
metro. Each of them carries an Android smartphone 
that installs a data-gathering application developed by 
us. This application reads the accelerometer and the 
orientation sensor every O.Is, and automatically uploads 
the accumulated data to a remote server when WiFi is 
available. During experiments, smartphones are held in 
hands, and the testers are operating them in usual ways. 
The phones that testers used include Samsung S3, S4 
and Note2. We finally collect forty data sequences, each 
of which corresponds to a trip containing 10 station in¬ 
tervals. So the dataset covers 400 data segments in to¬ 
tal. We then evaluate the effectiveness of the proposed 
attack based on this dataset. 
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Figure 9: Map of the metro line used in our experiment 

4.1 Accuracy of the extraction of metro-related 
data 

We first evaluate the accuracy of our method for ex¬ 
tracting metro-related data. For this purpose, besides 
the metro-related data, we also collect 1.5h data each 
for four other transportation means include walking, 
bus, taxi and stillness. We divide each of these data 
sequences (including 40 metro-related data sequences) 
into 100 second-long segments, and then use the clas¬ 
sifier that we introduced in Sec. 12.31 to classify them. 
The percentage for each kind of data to be classified as 
metro-related is presented on Fig. |10(a)[ We can find 
there will be some errors in the extraction. But when 
we use the further optimization that we proposed in the 
end of Sec. 12.31 more than 99 % of the metro data is cor¬ 
rectly recognized, and no false positives are produced. 



Means of transportation 
(a) Before optimization 



Means of transportation 
(b) After optimization 


Figure 10: Accuracy of extracting metro-related data 


4.2 Accuracy of segmenting the metro-related 
data 

We now evaluate the accuracy of our method in Sec. 
l2.5l to segment the metro-related data. We employ Edit 
Distance, which is a popular way of quantifying the dis¬ 
similarity between two strings, to measure the segment¬ 
ing accuracy. Suppose that A = Xj^ ■ ■ ■ Xj^ is the 
real sequence of segmenting points of a victim’s metro 
data, while the counterpart produced by Algorithm 1 
is i? = XkiXk 2 ■ ■ ■ Xkm- The edit distance ED{A,B) 
is defined to be the minimum number of operations re¬ 
quired to transform B into A. Here, different from in 
the string scenario, we assume that two nodes, Xj^ and 
Xkt, are equal so long as |js — kt\ < 10s, where 10s is 
half of the minimum stop-time of the trains. We seg¬ 
ment every data sequence in our experimental dataset, 
and the CDF of the edit-distance distribution is pre¬ 
sented in Fig. [TT] We can find that more than 90% 
segment sequence which compared to the real sequence 
the error point is less than 2. We thereby should em¬ 
ploy the mechanism propose in the end of Sec. 12.61 to 
tolerate these errors in the trace inferring. 



Figure 11: Segmenting accuracy measured by the edit 
distances between the segmenting results and the facts 

4.3 Accuracy of the basic attack 

In this subsection, we evaluate the inferring accu¬ 
racy of the basic attack using supervised learning. As 
we mentioned earlier, we totally collect forty groups of 
metro-related data, each of which corresponds to a 10- 
station-interval trip. In each evaluation, we pick 39 of 
40 sequences for training, leaving one for testing. We 
do not vary the ratio of training and testing data here 
because this attack is just the basic version. In our sub¬ 
sequent evaluation on the improved attack, all these 40 
data sequences are regarded as unlabeled testing data. 

We first evaluate the classification accuracy of the 
naive Bayes classifier. The results are shown in Table. |3l 
The cell at row i, column j denotes the percentage for 
the data segments corresponding to station interval li 
to be classified as Ij. We can find that the values at 
the diagonal positions are the greatest in most of the 
rows, which is a desired feature because these values 
equal the accurate recognition rates of station intervals. 
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In addition, Table. [3] shows that station intervals Ji, 
le and I 7 posses higher recognition rates than others. 
By checking these intervals on the map, we find that 
this result is reasonable because all these three intervals 
expose remarkable characteristics in their tracks that 
can significantly improve recognition rates. 


Table 3: Mapping probability from individual segments 
to station intervals(%) 
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basic attack against the testing data. 

The average inferring accuracies for the data of dif¬ 
ferent lengthes are presented in Fig. [121 We can find 
that compared with those in Fig. |T31 all the results de¬ 
crease, but not so significantly. The inferring accuracies 
for the trips of length 3, 5 and 7 can surpass 59%, 81% 
and 88%, respectively. 



Trip Length (# of Station Intervals) 

Figure 12: Final inferring accuracy on the traces 


We then evaluate the performance of our voting-based 
inferring mechanism proposed in Sec. 12.61 In each 
round of evaluation, we still pick 39 of forty sequences 
for training. For the remained one containing 10 seg¬ 
ments, we slip it and generate three sets of subsequences, 
whose lengths are 3 (segments), 5 and 7, respectively. 
Each sequence in these sets is considered as the metro- 
related data of a distinct passenger. We then apply 
the voting-based method to infer his trip. The inferring 
accuracies for the sequences of different lengths are pre¬ 
sented in Fig. [121 We find that the inferring accuracy 
increases with the length of the data sequence, i.e., the 
trip length of the passenger. Specifically, when the trip 
is composed of 3 station intervals, the average inferring 
accuracy is about 80%. When the length is increased 
to 7, this value is greater than 94%. 

4.4 The accuracy of the improved attack 

Finally, we evaluate the inferring accuracy of the im¬ 
proved attack using semi-supervised learning. In our 
experiment, we pick Jg and I 7 as the seed intervals since 
their recognition rates are relatively higher (Please see 
Table. [3]) thanks to their obvious characteristics. We 
mark them by read arrows in fig. [HI We collect addi¬ 
tional 20 pieces of training data for each of them and 
then construct classifiers for them separately using su¬ 
pervised learning. In this case, the 40 data sequences 
are all unlabeled and regarded as testing data. In ad¬ 
dition, because, in the real world, unlabeled data col¬ 
lected from passengers usually has varied lengthes, we 
randomly split these data sequences. Each subsequence 
of a random length is considered as one piece of inde¬ 
pendent training data. We then run the mechanism 
proposed in Sec. [3] to infer training data for each sta¬ 
tion interval. Once all the station intervals get sufficient 
number of training data, we can return to perform the 


4.5 Power Consumption 

Malware in our attack has to continually access the 
accelerometer, which certainly consumes additional power. 
We thereby have performed a coarse-grained evaluation 
of power consumption of the application we have used in 
the above experiments. Note that we do not consider 
the power consumed for uploading the recorded data 
through WiFi since this operation is performed infre¬ 
quently. As we show in Fig. |T31 we compare the power 
consumptions when our background application is run¬ 
ning or not on four different smartphones. We consider 
both the scenarios that the screen is on and off. Phone 
ID 1 to 4 correspond to Samsung S4, Huawei G750, 
Samsung S3, MEIZU MX, respectively. We can find 
that the increased power consumption per hour (less 
than 1.8%) due to the running of this application is 
quite limited . 



Figure 13: Power Consumption 


In our current malware implementation, it keeps read¬ 
ing the accelerometer every O.Is once being launched. 
We can optimize this design by moving the task of ex¬ 
tracting metro data from the server to the smarphone. 
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If it detects that the current accelerometer data does 
not correspond to metro, it can sleep for a longer time 
(e.g., 5min). It is of small probability for the user to 
take metro in the short time if he is not taking metro 
now. By doing so, the above energy consumption is 
expected to be further reduced. 

5. SCHEME OF DEFENSE 

Our scheme does not rely on GPS or other positioning 
systems, which gives it a high level of concealment and 
considerable efficiency. It may disguise itself into nor¬ 
mal smartphone software when it steals the information 
on the users’ trace. However, some defensive strategies 
can be made to lower the chance of the leakage of infor¬ 
mation on users’ trace. 

(1) The smartphones that we currently use does not 
inform the user that the application will need the per¬ 
mission to access to the sensors. To prevent the leakage 
of the usersqf privacy, we let the operating system hint 
the user that the application will access to the sensors 
and ask for users’ permission. However, this step is 
usually neglected by most users. 

(2) We may blend some noise into the sensor data in 
order to prevent attackers from making use of sensor 
data to grab the users’ privacy effectively. If the user 
needs the original sensor data without noise, selection 
dialog boxes will prompt out to let users permit the use 
of non-noise sensor data to some applications. This may 
ensure that the privacy of users will not leak by sensor 
data. 

(3) If malware intends to steal the users’ privacy through 
sensor data, constant request for the data from sensors 
will evidently boost the power consumption. No matter 
how the malware tries to conceal itself, the acquisition of 
sensor data will lead to an increasing power comsump- 
tion of the smartphone. We may scrutinize the status 
of power consumption of programs to examine those 
programs that keep consuming too much electricity. In 
this way, it is highly possible for us to find malware that 
operates background. 

6. RELATED WORK 

In our work, we dig information from metro-related 
sensor data. Actually there are many works in which 
usersqf private data are stolen through accelerometer. 
Liu et al. [10] design a software called uWave. It makes 
use of the triaxial accelerometer in a smartphone to rec¬ 
ognize the gestures of the users, which has achieved a 
good effect. Wu et al. m also do some research on 
gesture recognition. So if malicious attackers utilize 
those data, they will know what users do. Cai et al. 
[12| initial a project in which he reckons the usersqf 
taps on their smartphones by accelerometers. As taps 
on different places of the smartphone screen will bring 
different changes to the sensor, given the fixed arrange¬ 


ment of smartphone keyboard, password and other per¬ 
sonal information that users have typed out may be 
revealed. Compared with brute-force attack, this ap¬ 
proach is much more effective |2]. 

Our work infers the metro-related sensor data, there 
are also works that involve the data from accelerometer 
as a part of the whole database in order to trace the 
user. Lee and Mase m point out that motor data can 
be used to speculate on the users’ traces, but a starting 
point needs to be settled first. However, accelerometer 
is just one of the sensors that are utilized and this work 
is not based on smartphone. Han et al. [Tl] use ac¬ 
celerometers of smartphone only to deduce users’ trace. 
They acquire the users’ tracks by the algorithm they 
design, then they match them with a map to infer the 
trace of the user, which has inspired us a lot. We imple¬ 
ment their model which called ProblN. We experiment 
on the metro line, but it can not draw the metro line ac¬ 
curately. It can hardly recognize the turns of the metro 
line, we can only draw a straight line without turns. 
Their experiment is based on driving. As we can see 
from Fig. S] the metro-related data is smooth, so it is 
sensitive to noise, it can hardly get detail information 
about metro from this method. 

Our work involves extracting metro-related data from 
a lot of sensor data, which inevitably takes the recogni¬ 
tion of different means of transportation into consider¬ 
ation. The earliest ways to recognize the form of trans¬ 
portation is based on a multi-sensor platform naiie]. 
As smartphones develop, some early systems use em¬ 
bedded accelerometers to read out traveling on foot or 
other non-motorized means of transportation, such as 
walking HTjllH], running, ascending and descending the 
stairs m or riding the bicycles j^D] . Some of the works 
have achieved a good effect on recognizing those means, 
whose accuracy is higher than 90%. There are also some 
works about detecting stationary and motorised trans¬ 
portation modalities [2TJ |22] . But the result yielded is 
much less effective [B] compared to detecting of non- 
motorized transportation modalities. Hemminki et al. 
[6] raise an advanced method, which largely improve the 
accuracy of the recognition of electrified transportation. 
They determine the user takes what kind of transporta¬ 
tion. But in our work, we only need to determine if the 
user takes metro or non-metro transportation. So it 
is unnecessary for us to use this powerful but sophis¬ 
ticated method to extract metro-related data. In our 
work we propose a simple but equally effective algo¬ 
rithm to achieve our goal. 

7. CONCLUSION 

In this paper, we have proposed a basic attack which 
can extract metro-related data from mixed acceleration 
readings, then use an interval classier built from su¬ 
pervised learning to infer users’ trace. This attack need 
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the attacker to collect labeled training data for each sta¬ 
tion interval, so we further proposed a semi-supervised 
learning approach. The improved attack only needs to 
collect labeled data for a few station intervals with ob¬ 
vious characteristics. 

We conduct real experiment on Nanjing metro line 2. 
From the experiment in Sec. Uwe find that the inferring 
accuracy can reach 92% if the user takes the metro for 
6 stations. 
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